As technology advances, so do the ways in which criminals can exploit it. Cyberattacks are becoming more frequent and sophisticated, making recovery from them increasingly difficult. Without preparation, a cyberattack can be devastating to your business, with severe operational, financial, legal, and reputational implications. To combat this evolving threat, organizations need to be proactive in their approach to cybersecurity.
Securing a technical expert on your board of directors can help strengthen an organization's digital defense from the top, allowing you to stay ahead of the curve and protect your business from potential attacks. With the right preparation—and the right person seated at your boardroom table—you can reduce the impact a cyberattack can have on your organization.
Cybersecurity: A Board-Level Concern
Cybersecurity is a critical aspect of doing business in the 21st century. Organizations face new and evolving threats to their networks and data every day. Most executives now understand that cybersecurity is no longer just an "IT issue." It is an organization-wide issue, affecting all facets of business management and employees, sending aftershocks to—if not directly impacting—partners, suppliers, customers or clients, and other third parties. According to a 2020 survey, cybersecurity risk is considered the second-highest source of risk for organizations, following regulatory compliance risk.
Boards have traditionally been involved in governance-related issues for the organizations they serve. To tackle the breadth of this massive security concern, organizations are increasingly addressing cybersecurity at the board level as well.
Board-level cybersecurity measures allow boards of directors to oversee the organization’s cybersecurity management with the same discernment they apply to its business strategies, policies, and decisions. Board members help ensure the organization has the appropriate expertise, resources, and procedures to minimize the chance of a cyberattack and alleviate any damages. Maintaining open communication about cybersecurity with management helps keep every level of the organization on the same page, strengthening its defense.
The Benefits of Having a Board-Level Expert
A board of directors comprises a group of passionate and visionary leaders who often have expertise in law, finance, industry knowledge, or strategic planning. They are experts at a lot of things, but usually not cybersecurity.
Having a board member with cybersecurity expertise can provide valuable insight on risk assessment, data management, incident response planning, and more. It can help other board members interpret cybersecurity findings and technical data, understand their organization's risks, and mitigate them. The ability to hold a technical conversation with IT management is critical for the board to fully understand the organization's cybersecurity framework, decision-making, and accountability.
During a cybersecurity crisis, technical knowledge on the board will speed up the recovery process by allowing directors to ask the appropriate questions and understand the answers. While the board's job is not to put cybersecurity plans into motion, it is responsible for overseeing that management is handling those issues proficiently. Industry knowledge is key to scrutinizing that process.
A cybersecurity expert can also advise the board on compliance with the growing body of data privacy laws and regulations. Across the globe, governing bodies are addressing the growing need for a legal framework to protect citizens from digital wrongdoing. Yet, many IT managers don't know which regulations or laws apply to their organization. So far, data security regulations only affect certain areas. For instance, in 2018, the European Union (EU) passed the General Data Protection Regulation (GDPR), imposing strict standards organizations must abide by to protect EU citizens' data. The California Consumer Privacy Act (CCPA) passed that same year, giving consumers based in the state more control over the personal information businesses collect from them. Those compliance requirements are just the tip of the iceberg; more are likely to come in the future, with the potential to reshape corporate cybersecurity behavior.
Addressing a Growing Digital Footprint
Upgraded technology and a new work landscape have brought about many changes and new challenges for organizations in the past two years alone. With remote work becoming the new norm and 5G technology bringing a greater risk for data breaches and cyberattacks, organizations are more vulnerable now than ever before.
To address this growing security concern, many boards of directors are implementing cybersecurity committees. It is predicted that by 2025, 40% of boards of directors will have a dedicated cybersecurity committee headed by a qualified board member. The purpose of this committee is to assess the organization's risk profile, perform an in-depth audit of its digital vulnerabilities, and find areas of improvement. It can also oversee protocols and help with the implementation of cybersecurity policies. Having an expert at the helm of this committee is vital for its success.
Cybersecurity is a complex and ever-evolving field. Organizations should strongly consider including a cybersecurity expert on their board of directors to ensure protection from digital attacks. With so many new threats to consider, it has never been more critical for organizations to have a qualified individual in this crucial role.
Copyright © 2022, Law360 Tax Authority. All Rights Reserved.